GCGA Ch. 7 Summarizing Secure Coding Concepts (ST) Flashcards

(11 cards)

1
Q

Input validation

A

A common coding error in web-based applications is the lack of input validation. Input validation checks data before the application uses it and blocks many types of attacks, including buffer overflow, SQL injection, command injection, and cross-site scripting (XSS) attacks. Validate against an allowlist of what the field is expected to contain (type, length, format, range) rather than a denylist of known-bad strings, which attackers routinely evade with encoding tricks.

2
Q

Server-side input validation

A

Server-side input validation is the most secure, because it runs on a system the attacker does not control. Attackers can bypass client-side input validation (JavaScript in the browser) by disabling scripts or by sending the request directly through an intercepting proxy, but they cannot bypass server-side input validation. It is common to use both: client-side checks for fast user feedback, server-side checks as the authoritative security control.
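The following is an added Python example (not from the flashcards or the GCGA book) that illustrates cards 1 and 2 together: an allowlist validator that the server runs on every request, next to a stand-in for the browser-side check that an attacker can simply skip. The form fields, the username rule and the quantity limit are constructed assumptions.

```python
import re

# Constructed rules for an order form; the field names and limits are assumptions,
# not from the flashcards.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,32}")
QUANTITY_RE = re.compile(r"[0-9]{1,6}")   # ASCII digits only: no signs, spaces, or Unicode digits
MAX_QUANTITY = 1000


class ValidationError(Exception):
    def __init__(self, field: str, reason: str):
        super().__init__(f"{field}: {reason}")
        self.field = field
        self.reason = reason


def client_side_validate(form: dict) -> bool:
    """Stand-in for the check the browser's JavaScript would run.
    It gives quick feedback, but the attacker controls the browser and can skip it
    or send the request directly, so it is never the security boundary."""
    return (USERNAME_RE.fullmatch(form.get("username", "")) is not None
            and QUANTITY_RE.fullmatch(form.get("quantity", "")) is not None)


def validate_order(form: dict) -> dict:
    """Server-side allowlist validation of untrusted form fields.
    Returns typed, validated values or raises ValidationError."""
    username = form.get("username", "")
    if not isinstance(username, str) or USERNAME_RE.fullmatch(username) is None:
        raise ValidationError("username", "must be 3-32 letters, digits or underscores")

    quantity_raw = form.get("quantity", "")
    # Format check happens before int() ever sees the value
    if not isinstance(quantity_raw, str) or QUANTITY_RE.fullmatch(quantity_raw) is None:
        raise ValidationError("quantity", "must be a positive integer")
    quantity = int(quantity_raw)
    if not 1 <= quantity <= MAX_QUANTITY:
        raise ValidationError("quantity", f"must be between 1 and {MAX_QUANTITY}")

    return {"username": username, "quantity": quantity}


def handle_order(form: dict) -> str:
    """Simulated server handler: the request body is whatever the client sent,
    whether or not client_side_validate() ever ran."""
    try:
        clean = validate_order(form)
    except ValidationError as e:
        return f"rejected ({e.field}: {e.reason})"
    return f"accepted {clean['username']} x{clean['quantity']}"


if __name__ == "__main__":
    # Constructed requests: a normal one, and one an attacker sent straight to
    # the server with a proxy, skipping the browser-side check entirely.
    print(handle_order({"username": "alice", "quantity": "3"}))
    evil = {"username": "alice' OR 1=1 --", "quantity": "3"}
    print(client_side_validate(evil), handle_order(evil))
```

Note that the client-side stand-in does not enforce the quantity range, so a request that passes it can still be rejected by the server; that asymmetry is exactly why the server-side check has to be the one that counts.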

3
Q

Race conditions

A

A race condition occurs when two processes or threads access the same data at the same time without coordination, causing inconsistent results. The classic form is a time-of-check to time-of-use (TOCTOU) gap: a condition is verified, then acted on, and the data changes in between. Problems can be avoided by locking the data before accessing it, so that the check and the update happen as one atomic step.
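As an added Python example (not from the flashcards or the book), the following simulates the check-then-act race on a bank balance with two threads, then shows the same withdrawal made atomic by holding a lock across the check and the update. The Account class, the balances and the artificial delay standing in for slow I/O are constructed for the demonstration.

```python
import threading
import time


class Account:
    """Constructed example: a balance guarded by a check-then-act withdrawal."""

    def __init__(self, balance: int):
        self.balance = balance
        self._lock = threading.Lock()

    def withdraw_racy(self, amount: int, delay: float = 0.05) -> bool:
        # Time of check: every thread that arrives during the window sees
        # a sufficient balance ...
        if self.balance >= amount:
            time.sleep(delay)  # stands in for a slow DB query between check and update
            # ... time of use: all of them subtract, overdrawing the account.
            self.balance -= amount
            return True
        return False

    def withdraw_locked(self, amount: int, delay: float = 0.05) -> bool:
        # Holding the lock across both the check and the update makes the pair
        # atomic: the second thread runs its check only after the first has updated.
        with self._lock:
            if self.balance >= amount:
                time.sleep(delay)
                self.balance -= amount
                return True
            return False


def run_concurrent(method: str, balance: int = 100, amount: int = 100, workers: int = 2):
    """Run `workers` threads against one account; return (final balance, sorted outcomes)."""
    acct = Account(balance)
    outcomes = []

    def worker():
        outcomes.append(getattr(acct, method)(amount))

    threads = [threading.Thread(target=worker) for _ in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return acct.balance, sorted(outcomes)


if __name__ == "__main__":
    print("racy:  ", run_concurrent("withdraw_racy"))    # balance goes negative
    print("locked:", run_concurrent("withdraw_locked"))  # one succeeds, one is refused
```

Locking the balance only inside `withdraw_locked` is enough here because every writer goes through that method; in a real system the same rule applies to the database row (SELECT ... FOR UPDATE or an atomic conditional UPDATE) rather than to an in-process lock.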

4
Q

Error-handling

A

Error-handling routines within applications prevent application failures and protect the integrity of the operating system. Error messages shown to users should be generic, while the application logs the detailed information about the error (exception type, stack trace, request context) for administrators. Verbose errors shown to users leak details such as file paths, database hostnames, and software versions that help an attacker plan the next step.
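The following added Python example (not from the flashcards or the book) contrasts a handler that returns the raw traceback to the caller with one that returns a generic message carrying an incident reference, while the full detail goes to a log. The UserDirectory backend, its failure message and the in-memory log handler are constructed for the demonstration.

```python
import logging
import traceback
import uuid
from typing import Optional, Tuple


class MemoryHandler(logging.Handler):
    """Captures formatted log records in a list so the example runs self-contained."""

    def __init__(self):
        super().__init__()
        self.records = []

    def emit(self, record):
        self.records.append(self.format(record))


log = logging.getLogger("orders")
log.setLevel(logging.INFO)
log.propagate = False
memory = MemoryHandler()
memory.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
log.addHandler(memory)


class UserDirectory:
    """Constructed stand-in for a backend; one id simulates an infrastructure
    failure whose message contains exactly the detail that must not reach a user."""

    def __init__(self):
        self.users = {"u1": "alice", "u2": "bob"}

    def get(self, user_id: str) -> str:
        if user_id == "u-broken":
            raise ConnectionError("db01.internal:5432 refused connection (role=app_rw)")
        return self.users[user_id]


def profile_unsafe(directory: UserDirectory, user_id: str) -> str:
    # Anti-pattern: the raw traceback goes straight back to the client.
    try:
        return f"ok: {directory.get(user_id)}"
    except Exception:
        return "error: " + traceback.format_exc()


def profile(directory: UserDirectory, user_id: str) -> Tuple[str, Optional[str]]:
    """Generic message to the caller, full detail to the log, linked by an incident id."""
    try:
        return f"ok: {directory.get(user_id)}", None
    except KeyError:
        # Expected condition: handled explicitly, nothing to log as an error.
        return "error: user not found", None
    except Exception:
        incident = uuid.uuid4().hex[:12]
        # log.exception records the stack trace at ERROR level, server-side only.
        log.exception("profile lookup failed incident=%s user_id=%r", incident, user_id)
        return f"error: something went wrong (reference {incident})", incident


if __name__ == "__main__":
    d = UserDirectory()
    print(profile_unsafe(d, "u-broken"))   # leaks hostname, port, role and stack
    print(profile(d, "u-broken")[0])       # generic text plus a reference id
    print(memory.records[-1])              # what the operator sees instead
```

The incident id is the piece that makes the generic message usable: support can find the exact log record without the user ever seeing it.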

5
Q

Code signing

A

Code signing uses a digital signature to authenticate and validate software code. The publisher signs a hash of the code with their private key, and the code-signing certificate binds the matching public key to the publisher's identity. Verifying the signature confirms who published the code and that it has not been modified since signing; it does not prove the code is free of vulnerabilities or malicious behavior.

6
Q

Code quality and testing techniques

A

Code quality and testing techniques include static code analysis (examining the source without running it), dynamic analysis (such as fuzzing, which feeds malformed or random input to the running program), stress testing, sandboxing (running the code in an isolated environment), and model verification.

7
Q

SQL injection attacks

A

SQL injection attacks send crafted input that the database interprets as part of the SQL query. They provide information about a database and can allow an attacker to read, modify, and delete data within it. They commonly use the phrase ' or 1=1 to turn a WHERE clause into a condition that is always true. Input validation and stored procedures provide the best protection against SQL injection attacks, provided the queries are parameterized (prepared statements with bound variables) rather than built by concatenating user input; a stored procedure that concatenates its arguments into dynamic SQL is just as vulnerable.

8
Q

Secure cookies

A

Secure cookies have the Secure attribute set, which instructs web browsers to send them only over encrypted (HTTPS) connections, protecting them from eavesdropping attacks; without it, the browser also sends the cookie in cleartext with any http:// request to the same host. Session cookies should normally carry HttpOnly as well, so that scripts on the page cannot read them.
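As an added Python example (not from the flashcards or the book), the following builds the Set-Cookie header value for a session cookie with the standard library, hardened by default, and includes a small audit function that parses a Set-Cookie value and reports which protective attributes are missing. The cookie name, value and lifetime are constructed.

```python
from http.cookies import SimpleCookie
from typing import List


def session_cookie_header(session_id: str, *, secure: bool = True, http_only: bool = True,
                          same_site: str = "Lax", max_age: int = 3600) -> str:
    """Return the value of a Set-Cookie header for a session cookie.
    Defaults are the hardened settings; the flags exist so the weak form can be shown."""
    jar = SimpleCookie()
    jar["session"] = session_id
    morsel = jar["session"]
    morsel["path"] = "/"
    morsel["max-age"] = max_age
    if secure:
        morsel["secure"] = True      # browser sends the cookie only over HTTPS
    if http_only:
        morsel["httponly"] = True    # not exposed to document.cookie
    if same_site:
        morsel["samesite"] = same_site  # not attached to most cross-site requests
    return morsel.OutputString()


def missing_protections(set_cookie_value: str) -> List[str]:
    """Parse a Set-Cookie value and report which of the expected attributes are absent.
    Attribute names are case-insensitive per RFC 6265."""
    parts = [p.strip() for p in set_cookie_value.split(";")]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}  # parts[0] is name=value
    missing = []
    if "secure" not in attrs:
        missing.append("Secure")
    if "httponly" not in attrs:
        missing.append("HttpOnly")
    if "samesite" not in attrs:
        missing.append("SameSite")
    return missing


if __name__ == "__main__":
    hardened = session_cookie_header("s3cr3t")
    weak = session_cookie_header("s3cr3t", secure=False, http_only=False, same_site="")
    print("Set-Cookie:", hardened, "->", missing_protections(hardened))
    print("Set-Cookie:", weak, "->", missing_protections(weak))
```

The audit function is the shape of check you would run over captured responses during a review: the browser enforces the attributes, but only if the server actually emitted them.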

9
Q

Buffer overflow

A

A buffer overflow occurs when an application receives more input, or different input, than it expects and writes it past the end of the memory buffer allocated for it, overwriting adjacent memory. At minimum the result is a crash; if the overwritten memory holds control data such as a return address or function pointer, the attacker can redirect execution and run arbitrary code. An overflow can also expose system memory that would otherwise be protected and inaccessible. Bounds checking on input length and memory-safe languages or library functions prevent it.

10
Q

Directory traversal

A

Directory traversal is a type of injection attack that attempts to access a file outside the intended directory by including the full directory path or by traversing the directory structure on a computer with ../ sequences (often URL-encoded, for example as %2e%2e%2f). The defense is to canonicalize the requested path on the server and confirm that the result still lies inside the intended directory.
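The following added Python example (not from the flashcards or the book) maps a requested URL path onto a file under a document root the way a static-file handler would, and contrasts a common broken check (a string-prefix comparison) with a canonicalize-then-contain check. The document root /var/www/static and the requested paths are constructed; the code makes no attempt to open files.

```python
import os
import urllib.parse


def naive_is_safe(base_dir: str, requested: str) -> bool:
    # Common mistake: a prefix comparison. "/var/www/static_private" starts with
    # "/var/www/static", so a sibling directory slips through.
    target = os.path.normpath(os.path.join(base_dir, requested))
    return target.startswith(base_dir)


def resolve_static(base_dir: str, requested: str) -> str:
    """Map a URL path onto a filesystem path under base_dir, or raise PermissionError.

    Decode once (so %2e%2e%2f is seen as ../), strip any leading slash so the join
    cannot be replaced by an absolute path, canonicalize (.., ., symlinks), then
    require that the result is base_dir itself or a descendant of it."""
    base = os.path.realpath(base_dir)
    decoded = urllib.parse.unquote(requested)
    candidate = os.path.realpath(os.path.join(base, decoded.lstrip("/\\")))
    # commonpath is a path-component comparison, not a string prefix test.
    if os.path.commonpath([base, candidate]) != base:
        raise PermissionError(f"path escapes document root: {requested!r}")
    return candidate


def is_safe(base_dir: str, requested: str) -> bool:
    try:
        resolve_static(base_dir, requested)
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    BASE = "/var/www/static"   # constructed document root
    for req in ["css/site.css", "../../etc/passwd", "%2e%2e/%2e%2e/%2e%2e/etc/passwd",
                "/etc/passwd", "../static_private/secret"]:
        print(f"{req!r:40} naive={naive_is_safe(BASE, req)!s:5} hardened={is_safe(BASE, req)}")
```

Decoding exactly once matters: the web server has normally already decoded the URL, and decoding a second time turns a harmless literal `%252e` into `..`. Apply the check to the same string the file system call will receive.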

11
Q

XSS

A

Cross-site scripting (XSS) is a web application vulnerability that allows attackers to inject scripts into web pages viewed by other users. The injected script runs in the victim's browser with the page's origin, so it can read session cookies, perform actions as the user, or rewrite the page. Input validation and, above all, output encoding appropriate to the context (HTML body, HTML attribute, JavaScript, URL) prevent it.
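The following added Python example (not from the flashcards or the book) shows a template that reflects user input raw beside three context-specific encodings from the standard library: HTML text, a quoted HTML attribute, and a string literal inside a <script> block. The markup fragments and payloads are constructed.

```python
import html
import json


def render_unsafe(display_name: str) -> str:
    # Reflecting raw input into HTML: the browser parses any tags it contains.
    return f"<p>Welcome back, {display_name}!</p>"


def render_html_text(display_name: str) -> str:
    # HTML body context: escape & < > " ' so the input is displayed, not parsed.
    return f"<p>Welcome back, {html.escape(display_name, quote=True)}!</p>"


def render_html_attribute(title: str) -> str:
    # Attribute context: the value must be quoted AND quote characters escaped,
    # otherwise  x" onmouseover="...  closes the attribute and adds a handler.
    return f'<img src="/avatar.png" title="{html.escape(title, quote=True)}">'


def render_js_string(value: str) -> str:
    # JavaScript context inside <script>: JSON-encode, then neutralise "</" so a
    # value containing </script> cannot terminate the script block early.
    literal = json.dumps(value).replace("</", "<\\/")
    return f"<script>var displayName = {literal};</script>"


if __name__ == "__main__":
    payload = "<script>alert(document.cookie)</script>"
    print(render_unsafe(payload))
    print(render_html_text(payload))
    print(render_html_attribute('x" onmouseover="alert(1)'))
    print(render_js_string("</script><script>alert(1)</script>"))
```

One encoder does not fit every slot: HTML escaping inside a <script> block does nothing useful, and JSON encoding inside an attribute leaves the quote characters live. Pick the encoder for the context the value lands in, which is what templating engines with context-aware auto-escaping do for you.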
